baran 0 Posted February 8 Share Posted February 8 hi guys how can i solve this problem? Link to post Share on other sites
Administrators Marcos 3,632 Posted February 8 Administrators Share Posted February 8 Do you experience any issues with cleaning the threat? Is it recurring? Link to post Share on other sites
baran 0 Posted February 8 Author Share Posted February 8 Yes, it is constantly detected and deleted on all systems on the network Why do it again? Link to post Share on other sites
Administrators Marcos 3,632 Posted February 8 Administrators Share Posted February 8 Please provide logs collected with ESET Log Collector from such machine. Link to post Share on other sites
baran 0 Posted February 8 Author Share Posted February 8 what log? witch one? you need Default Threat Detection All: None Custom Link to post Share on other sites
Administrators Marcos 3,632 Posted February 8 Administrators Share Posted February 8 Default template is ok unless we explicitly ask to use a non-default one. Link to post Share on other sites
baran 0 Posted February 8 Author Share Posted February 8 here you are thank you efsw_logs.zip Link to post Share on other sites
Administrators Marcos 3,632 Posted February 8 Administrators Share Posted February 8 The malware is being copied to network shares from a remote machine with SR**********S\Administrator logged in. Please carry on as follows: - close any unnecessary network-aware applications that generate network traffic - enable advanced network protection logging in the adv. setup -> tools -> diagnostics - wait until the malware is detected - disable logging - collect fresh logs with ELC. Link to post Share on other sites
baran 0 Posted February 9 Author Share Posted February 9 thank you so much Link to post Share on other sites
Recommended Posts